X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9991001
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh
To: bp@suse.de
Cc: Brijesh Singh, Paolo Bonzini, Radim Krčmář, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v5.1 12.9/31] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
Date: Fri, 6 Oct 2017 20:06:07 -0500
Message-Id: <20171007010607.78088-9-brijesh.singh@amd.com>
In-Reply-To: <20171007010607.78088-1-brijesh.singh@amd.com>
References: <20171004131412.13038-13-brijesh.singh@amd.com> <20171007010607.78088-1-brijesh.singh@amd.com>

The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its certificate chain. The command is defined in SEV spec section 5.10.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
--- drivers/crypto/ccp/psp-dev.c | 110 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 861c44bf2910..0a069e3c7b8c 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -473,6 +473,112 @@ static int sev_ioctl_pek_cert_import(struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_pdh_cert_export(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pdh_cert_export input; + struct sev_data_pdh_cert_export *data; + int ret, state, need_shutdown = 0; + void *pdh_blob, *cert_blob; + + if (copy_from_user(&input, (void __user *)(uintptr_t)argp->data, + sizeof(struct sev_user_data_pdh_cert_export))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + pdh_blob = NULL; + if (input.pdh_cert_address) { + if (!access_ok(VERIFY_WRITE, input.pdh_cert_address, input.pdh_cert_len) || + (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)) { + ret = -EFAULT; + goto e_free; + } + + pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL); + if (!pdh_blob) { + ret = -ENOMEM; + goto e_free; + } + + data->pdh_cert_address = __psp_pa(pdh_blob); + data->pdh_cert_len = input.pdh_cert_len; + } + + cert_blob = NULL; + if (input.cert_chain_address) { + if (!access_ok(VERIFY_WRITE, input.cert_chain_address, input.cert_chain_len) || + (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)) { + ret = -EFAULT; + goto e_free_pdh; + } + + cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL); + if (!cert_blob) { + ret = -ENOMEM; + goto e_free_pdh; + } + + data->cert_chain_address = __psp_pa(cert_blob); + data->cert_chain_len = input.cert_chain_len; + } + + ret = sev_platform_get_state(&state, &argp->error); + if (ret) + goto e_free_cert; + + /* + * CERT_EXPORT command can be issued in INIT or WORKING state. + * If we are in UNINIT state then transition to INIT. 
+ */ + if (state == SEV_STATE_UNINIT) { + ret = sev_firmware_init(&argp->error); + if (ret) + goto e_free_cert; + + need_shutdown = 1; + } + + ret = sev_handle_cmd(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error); + + input.cert_chain_len = data->cert_chain_len; + input.pdh_cert_len = data->pdh_cert_len; + + /* copy certificate length to userspace */ + if (copy_to_user((void __user *)(uintptr_t)argp->data, &input, + sizeof(struct sev_user_data_pdh_cert_export))) + ret = -EFAULT; + + if (ret) + goto e_shutdown; + + /* copy PDH certificate to userspace */ + if (pdh_blob && + copy_to_user((void __user *)(uintptr_t)input.pdh_cert_address, + pdh_blob, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_shutdown; + } + + /* copy certificate chain to userspace */ + if (cert_blob && + copy_to_user((void __user *)(uintptr_t)input.cert_chain_address, + cert_blob, input.cert_chain_len)) + ret = -EFAULT; + +e_shutdown: + if (need_shutdown) + sev_handle_cmd(SEV_CMD_SHUTDOWN, 0, NULL); +e_free_cert: + kfree(cert_blob); +e_free_pdh: + kfree(pdh_blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -514,6 +620,10 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) ret = sev_ioctl_pek_cert_import(&input); break; } + case SEV_PDH_CERT_EXPORT: { + ret = sev_ioctl_pdh_cert_export(&input); + break; + } default: ret = -EINVAL; break;
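
Review bot: In sev_ioctl_pdh_cert_export(), the two final copy_to_user() calls take their size from input.pdh_cert_len and input.cert_chain_len after those fields have been overwritten from data->pdh_cert_len and data->cert_chain_len, so the copy size is whatever the firmware wrote back rather than the size that was passed to kmalloc(). If the command returns success with a length larger than the buffer it was given, copy_to_user() reads past the end of pdh_blob or cert_blob and returns adjacent heap contents to userspace; and because both buffers come from kmalloc() rather than kzalloc(), any bytes the firmware did not write are uninitialized kernel memory. I would save the requested lengths before sev_handle_cmd(), then either fail when a returned length exceeds the requested one or copy only min(requested, returned) bytes, and allocate the blobs with kzalloc(). Separately, a non-zero pdh_cert_address with pdh_cert_len == 0 passes both checks in the `if (!access_ok(...) || (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE))` test, and kmalloc(0) returns ZERO_SIZE_PTR, whose __psp_pa() value is then handed to the firmware; rejecting a zero length when an address is supplied (same for cert_chain_len) would close that. Minor: `sev_handle_cmd(SEV_CMD_SHUTDOWN, 0, NULL)` passes 0 where the other call passes a pointer, so NULL would read better there.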